Beispiel #1
 /// <summary>
 /// Authorization filter hook: asks <c>ResourceService</c> whether the user named by
 /// <c>UserContext.UserName</c> may perform <c>_operation</c> on <c>_resourceId</c>, and
 /// answers the request with 403 Forbidden when it may not.
 /// </summary>
 /// <param name="actionContext">Context of the action being authorized; its Response is set only on denial.</param>
 public override void OnAuthorization(HttpActionContext actionContext)
 {
     // NOTE(review): no authentication check is visible in this method; it presumably relies on
     // UserContext.UserName being derived from an already-authenticated identity. Confirm against
     // the pipeline, and confirm how ResourceService.Authorize treats a null or empty user name.
     bool permitted = ResourceService.Authorize(UserContext.UserName, _resourceId, _operation);
     if (permitted)
     {
         // Nothing to do: the response is left untouched when access is granted.
         return;
     }

     actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
 }
Beispiel #2
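        /// <summary>
        /// Decides whether the current caller may perform <c>_operation</c> on <c>_resourceId</c>,
        /// based on the role claims of the current principal.
        /// </summary>
        /// <param name="httpContext">The HTTP context of the request (not read by this implementation).</param>
        /// <returns>
        /// <c>false</c> when there is no authenticated claims principal; otherwise the result of
        /// <c>ResourceService.Authorize</c> for the caller's role claim values.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // NOTE(review): the principal is read from the thread, not from httpContext.User.
            // Confirm the host keeps the two in sync, otherwise the decision may be made for a
            // different identity than the one attached to the request.
            var principal = Thread.CurrentPrincipal as ClaimsPrincipal;

            // Fail closed: a missing principal, a non-claims principal or a missing identity is
            // treated as "not authenticated" instead of surfacing as a cast/null-reference exception.
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            {
                return false;
            }

            // Only claims of type ClaimTypes.Role are considered; roles issued under another
            // claim type are not seen here.
            var roles = principal.Claims
                .Where(c => c.Type == ClaimTypes.Role)
                .Select(c => c.Value)
                .ToArray();

            // The final decision is delegated to the resource service.
            return ResourceService.Authorize(_resourceId, _operation, roles);
        }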
        /// <summary>
        /// Authorization filter hook that first authenticates the caller and then checks whether
        /// that user may perform <c>_operation</c> on <c>_resourceId</c>.
        /// Authentication failure yields 401 Unauthorized; an authenticated but unauthorized user
        /// yields 403 Forbidden; on success the response is left untouched.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            string username;
            bool authenticated = Authenticate(actionContext, out username);

            if (!authenticated)
            {
                // NOTE(review): no WWW-Authenticate header is added to the 401 here; confirm whether
                // Authenticate or a later handler supplies the challenge.
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
                return;
            }

            // Identity is established; now check permission for this resource/operation pair.
            bool permitted = ResourceService.Authorize(username, _resourceId, _operation);
            if (!permitted)
            {
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
            }
        }